Creating your own content management system with php [Page 4 of 4]

Misc Links

Ads

Latest Forum Topics

wow 56 k modems are
Posted by Red Squirrel
on Oct 14 2013, 11:52:23 pm

I Need A Program
Posted by rovingcowboy
on Sep 23 2013, 5:37:59 pm

having trouble witn lan
Posted by rovingcowboy
on Sep 23 2013, 5:40:56 pm

new problem for me
Posted by rovingcowboy
on Sep 23 2013, 5:54:09 pm

RBC Royal Bank
Posted by Red Squirrel
on Aug 13 2013, 6:48:08 pm

Creating your own content management system with php
Better control of site content and access
By Red Squirrel

Since the examples did not use mysql, I figured I would show a real time example of a login system that does use mysql, since you now know the basics of login systems, and probably know mysql if you read my php data storage tutorial, I won't go in as much detail but rather point out the main parts.

if($_GET[act]=="logon")
{
//1: load the database and stuff
$scinfo = mysql_connect($global[sqlhost],$global[sqluser],$global[sqlpass]);
$scresult = mysql_select_db($global[scadadb],$scinfo);
$scresult = mysql_query("SELECT * FROM admin where username='".$_POST[user]."' and passwordhash='".md5(md5($_POST[pass]))."'") or die("<font color=\"red\">SQL Error: " . mysql_error()."</font>");

//2: get the number of results that match with the username/password supplied (0 or 1 results) and if it's 0 it means it's a bad login
$count = mysql_num_rows($scresult);

if($count<1)
{
//access denied! BAD LOGIN

//3: block the user off the site :)  some guy from 24.17.127.109 got nailed by this already and keeps trying to get on, hehe
SWScadaSetRule("IP",$_SERVER[REMOTE_ADDR],5,"Failed Login Attempt in Scada CP - Further attempts will result in legal action.",1,1,0,1,"Failed login to scada CP (".$_POST[user].",".$_POST[pass].")");

echo("access denied!");
exit();
}



//4: set session stuff
$session = md5(md5(rand(0,1000000)).rand(0,525723).$_SERVER[REMOTE_ADDR]);
$session .= rand(11,99).rand(1,9).rand(1111,9999);
$session .= md5(md5(rand(1211,99529)).md5(rand(141,73599)).md5(rand(11411,9242999)));


//5: Insert session in both the database and the cookie - they must match all the time for the session to be valid
$scresult = mysql_query("UPDATE admin set sessionhash='".$session."'where username='".$_POST[user]."' and passwordhash='".md5(md5($_POST[pass]))."'") or die("<font color=\"red\">SQL Error: " . mysql_error()."</font>");
setcookie("scadasession",$session);


//6: redirect back to the same page, but since we're logged in the auth module will take care of finding that out from the cookie
echo("Login Accepted.  Redirecting...<br>");
echo("<meta http-equiv=\"refresh\" content=\"1;url=index.php\">");


exit();
}

1: We do the usual mysql stuff, those vars are simply stored in some other file and well, the values are none of your business. :P

2: The query checked to see if a user matched with the username and password given so if there's 1 result, we keep going, but if there's 0 results, then we do stuff. Usually we'd give a chance, but since only admins use this particular system we're more strict.

3: Since the user got the password wrong, we block him off, don't mind what that function does, since it's one I made and use in that script, normally you would display a "bad username/password" message.

4: This is really interesting. Basically we want to generate a random string that we will use for the session string. But to make it super unique, we just MD5 a bunch of stuff together, including the IP address and random numbers, then make a super long string. The possibilities are endless here, just have fun!

5: Then we put the cookie (this is why doing the auth stuff before data output is a must) and also update the user record with that session.

6: Then we're ready to do whatever we want to do once we're logged in! There better not be security exploits in this since I'm screwed. :P

Well this ends the tutorial. I hope that you learned something from it. And with the knowledge gained from this article and my other php related ones, you should be able to make a rather advanced CMS system if you put all those skills together.

If you're wondering out of curiosity how this site is run, it is actually a very different system. Each page is somewhat independent of each other in terms of html. There are various reasons for this, one of them is that it is more flexible in terms of ad placements, as I can put different ads on different pages as easly as it would on fully static html pages.

This is something you should ask yourself, do you really need a CMS, or do you simply want to plug in php code in html pages? A full featured CMS where you can add modules etc and different sections is cool and all, but if you don't really need it, then stick with static html and php where needed.

But if you need to be able to password protect stuff, and make it easier to change the look then a CMS is the way to go, and coding it yourself is a good start.

Red Squirrel
IceTeks Owner

spacer

27236 Hits

Pages: [1] [2] [3] [4]

1 Comments

Latest comments (newest first)

Posted by Andy on October 10th 2004 (08:52)
LOL I was about to say. WOW this guest is smart. Why can't i find someone like that at my site.
spacer

View all comments
Post comment

Top Articles	Latest Articles
- What are .bin files for? (669062 reads) - Text searching in linux with grep (161180 reads) - Big Brother and Ndisuio.sys (150471 reads) - PSP User's Guide (139547 reads) - SPFDisk (Special Fdisk) Partition Manager (117240 reads)	- How to Use MDADM Linux Raid (188 reads) - What is Cloud Computing? (1225 reads) - Dynamic Forum Signatures (version 2) (8769 reads) - Successfully Hacking your iPhone or iTouch (18714 reads) - Ultima Online Newbie Guide (35906 reads)